Date: Fri, 15 May 2009 17:09:41 +0200 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Cc: Eugene Teo <eugene@...hat.com>, Steven French <sfrench@...ibm.com>, security@...nel.org, jlayton@...hat.com, "Steven M. Christey" <coley@...us.mitre.org>, dann frazier <dannf@...ian.org>, Greg KH <greg@...ah.com> Subject: Re: Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.* On Thu, May 14, 2009 at 01:01:11PM -0400, Steven M. Christey wrote: > > On Thu, 14 May 2009, Eugene Teo wrote: > > > >> CVE-2009-NOT-YET-ASSIGNED: > > >> http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4 > > >> http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61 > > >> http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413 > > >> + some others in progress > > > > These fixes need to be tagged to a CVE. > > Use CVE-2009-1633, to be filled in later. This CVE should be anchored > *only* on the issue above. > > I'm almost afraid to ask what relationship there is between the above > commits and the extensive list of other issues from Jeff Layton, which > lists the above commit and a ton of others. Mark Cox or Josh Bressers, > this might be a good time for you to step in CNA-wise? The string conversion code in the CIFS module handling was rewritten to be able to handle destination buffer sizes. Its basically starting with this commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7fabf0c9479fef9fdb9528a5fbdb1cb744a744a4 and then conversions of the code to it. I am however not sure of how much needs to be backported, I guess only the stuff already with CVE entries. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.